Method and apparatus for authenticating a user on a mobile device

ABSTRACT

Disclosed is a method and apparatus for authenticating a user on a mobile device. The method may include initiating authentication of the user for access to the mobile device, where access to the mobile device is granted upon successful authentication of the user by the mobile device. The method may also include performing face recognition analysis on an image of a face of the user to determine an identity of the user. Furthermore, the method may also include determining whether a first pulse information and a second pulse information associated with the user indicate a pulse match. The method may also include authenticating the user for access to the mobile device when a pulse match is determined and the determined identity of the user has permission to access the mobile device.

FIELD

The subject matter disclosed herein relates generally to authenticatinga user on a mobile device.

BACKGROUND

Mobile communication devices are pervasive in today's society. As aresult, users store, access, and run applications with access tosensitive personal or professional data. For example, a user may accessa bank account via their mobile device, and the mobile device oftenstores account numbers, login credentials, and other data needed foraccessing the bank account. As another example, a user may access theirwork email messages via stored login credentials.

To prevent unauthorized access to a mobile device, and thus thesensitive data, security measures that restrict access to the mobiledevice are employed. One such measure is requiring a user to enter apasscode as a condition precedent to accessing the mobile device.Another measure involves employing a fingerprint scanner on the mobiledevice, and collecting a biometric data sample each time a user attemptsto access the mobile device. Yet another security measure involves theuse of facial recognition in lieu of a passcode.

These measures, however, are not secure, provide a poor user experience,and/or subject to spoofing. That is, passcode entry often fails toprovide a high level of access security as passcodes are easilyhackable. Furthermore, security measures, such as fingerprint scanning,require the addition of costly hardware not generally found on mobiledevices, and may result in an overly cumbersome user access experience.Finally, facial recognition analysis can be spoofed with still images,or video, of a user with access to the mobile device. Although livenesschecks requiring users to blink or use facial expressions may beincluded in facial recognition analysis based approaches, theseapproaches can still be spoofed with videos of the user with access tothe mobile device, and are inconvenient to users seeking access to themobile device.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow diagram of one embodiment of a method forauthenticating a user on a mobile device based on liveness verificationand facial recognition analysis;

FIG. 2 is block diagram of one embodiment of a mobile device thatimplements user authentication processes according to the embodimentsdescribed herein;

FIG. 3 is a flow diagram of one embodiment of a method forauthenticating a user on a mobile device based on pulse rate correlationand facial recognition analysis; and

FIG. 4 shows an example of user authentication by a mobile deviceaccording to the embodiments described herein.

DETAILED DESCRIPTION

The word “exemplary” or “example” is used herein to mean “serving as anexample, instance, or illustration.” Any aspect or embodiment describedherein as “exemplary” or as an “example” in not necessarily to beconstrued as preferred or advantageous over other aspects orembodiments.

FIG. 1 is a flow diagram of one embodiment of a method 100 forauthenticating a user on a mobile device based on liveness verificationand facial recognition analysis. The method 100 is performed byprocessing logic that may comprise hardware (circuitry, dedicated logic,etc.), software (such as is run on a general purpose computer system ora dedicated machine), firmware, or a combination. In one embodiment, themethod 100 is performed by a mobile device (for example, mobile device210 discussed below in FIG. 2).

Referring to FIG. 1, processing logic begins by initiating a userauthentication process for access to a mobile device (processing block102). In one embodiment, mobile device is a mobile computing device,such as a mobile telephone, personal digital assistant, tablet computer,etc. capable of sending and receiving wireless communications over acellular and/or wireless communication network. For example, the userauthentication process is initiated when a user seeks to access a lockedor protected mobile device, such as when user 460 illustrated in FIG. 4seeks to be authenticated for purposes of accessing mobile device 452.

Processing logic performs a facial recognition process as part of userauthentication to the mobile device (processing block 104). In oneembodiment, in response to the user authentication process beinginitiated, processing logic activates one or more image capturemechanisms, such as digital cameras 454-1 and 454-2 of the mobile device452 (see FIG. 4), for capturing digital image data. As discussed herein,digital image data may include digital video data as well as stilldigital video image data. In one embodiment, the image capturemechanisms may include a front-facing camera 454-1 on the mobile deviceas well as a rear-facing camera 454-2 on the mobile device, althoughadditional cameras may also be utilized. The captured image dataattempts to capture an image of a face 456-1 of the user 460 seekingauthentication to the mobile device. Once an image of a user's face iscaptured, processing logic extracts facial features from the image data,and compares those features against a facial recognition database ofauthorized users. When the extracted facial features match facialfeatures of an authorized user in the database, the facial recognitionprocess has found that the captured image data corresponds to anauthorized user of the mobile device.

Processing logic also performs a liveness verification process as partof user authentication to the mobile device (processing block 106). Inone embodiment, liveness verification is performed by processing logicto ensure that the mobile device is not being spoofed during facialrecognition by a user that is not authorized to access the mobiledevice. For example, a nefarious user (such as one not authorized toaccess the mobile device) may hold a video display or image of anauthorized user in front of the image capture mechanism, in an attemptto spoof the user authentication process into inappropriatelyrecognizing an authorized face for the unauthorized user. However, inone embodiment, the liveness verification process guards againstspoofing attacks by ensuring that the recognized face corresponds to alive user, and corresponds to the current user that is in fact seekingaccess to the mobile device. As illustrated in FIG. 4, the front facingcamera 454-1 captures a first digital video data 456-1 of a user thatincludes the user's face, while the rear facing camera 454-2 captures asecond digital video data 456-2 of another part of the user, such as theuser's hand as illustrated in FIG. 4.

In one embodiment, and as discussed in greater detail below, processinglogic performs the liveness verification process by estimating userpulse rates from the first and second digital video data, and attemptingto correlate the pulse rates. When the pulse rates can be correlated byprocessing logic, then processing logic can conclude that the imagecaptured by the front-facing camera 454-1 and the rear-facing camera454-2 are capturing live images of the same person. Furthermore,processing logic can conclude from the facial recognition results thatthe person is an authorized used and not a spoofing user, such as anunauthorized person that is holding an image of the authorized user inview of the front-facing camera.

Processing logic then determines whether the liveness verification andfacial recognition processes were both successfully completed(processing block 108). When either process fails, the authenticationprocess fails, and the user is denied access to the mobile device.However, when both the liveness verification and facial recognitionprocesses are successful, processing logic authenticates the user to themobile device and grants the authenticated user access to the mobiledevice (processing block 110). The granting of access may include one ormore of unlocking the mobile device for a user, loading a profile of themobile device associated with the identified user, decrypting content onthe mobile device for which the identified use has access rights, onlinepayment authorization (e.g., authorizing purchases from a mobileapplications store, authorizing purchases from an online retailer,etc.), as well as any other application that includes userauthentication on a mobile device.

In one embodiment, the liveness verification process and the facialrecognition process form a two-fold authentication process that is bothsecure and convenient for a user. That is, the authentication process issecured by facial recognition analysis to ensure that only aspecifically recognized user is able to access the mobile device.Furthermore, the authentication process secures against spoofing byutilizing pulse rate analysis and pulse correlation, to ensure that theperson seeking access to the mobile device is both holding the mobiledevice and corresponds to the image captured for facial recognitionpurposes. Finally, both the facial recognition and liveness verificationare performed in a manner that is convenient and unobtrusive for a user.

In one embodiment, the liveness verification and facial recognitionprocesses of processing blocks 104 and 106 are performed in parallel. Inanother embodiment, the liveness verification and facial recognitionprocesses are performed in serial, such that facial recognition isdetermined prior to liveness verification, or liveness verification isdetermined prior to facial recognition. The order illustrated in FIG. 1is illustrative, and need not be the order in which the livenessverification and facial recognition processes are performed.Furthermore, in one embodiment, regardless of whether the livenessverification and facial recognition processes are performed in parallelor one after the other, both processes can perform their respectiveverification on the same data. For example, image data captured by afront facing camera of the mobile device can be utilized during theliveness verification process by performing pulse rate estimation on theimage data. Furthermore that image data may also be utilized by thefacial recognition process for performing one or more facial recognitiontechniques.

FIG. 2 is block diagram of one embodiment 200 of a mobile device 210that implements user authentication processes according to theembodiments described herein.

In one embodiment, mobile device 210 is a system, which may include oneor more processors 212, a memory 205, I/O controller 225, digitalcameras 227-1 and 227-2, network interface 204, and display 220. Mobiledevice 210 may also include a user authentication engine 240 forauthenticating a user to mobile device 210. In one embodiment, userauthentication engine 240 includes a number of processing modules, whichmay be implemented as hardware, software, firmware, or a combination,such as pulse rate estimator 230, pulse correlator 232, facialrecognition engine 234, and authentication decision engine 236.

It should be appreciated that mobile device 210 may also include,although not illustrated, a user interface (e.g., one or moremicrophones, keyboard, touch-screen, or similar devices), a power device(such as a battery), as well as other components typically associatedwith electronic devices. Network interface 204 may also be coupled to anumber of wireless subsystems 215 (e.g., Bluetooth, WiFi, Cellular, orother networks) to transmit and receive data streams through a wirelesslink to/from a network, or may be a wired interface for directconnection to networks (e.g., the Internet, Ethernet, or other wirelesssystems).

Memory 205 may be coupled to processor 212 to store instructions forexecution by processor 212. In some embodiments, memory 205 isnon-transitory, such as a non-transitory computer readable storagemedium. Memory 205 may also store a facial recognition database of usersthat are authorized to access the mobile device 210. Memory 205 may alsostore user authentication engine 240 and one or more modules of the userauthentication engine 240 (i.e., pulse rate estimator 230, pulsecorrelator 232, facial recognition engine 234, and authenticationdecision engine 236) to implement embodiments described herein. Itshould be appreciated that embodiments of the invention as will behereinafter described may be implemented through the execution ofinstructions, for example as stored in the memory 205 or other element,by processor 212 of mobile device 210 and/or other circuitry of mobiledevice 210 and/or other devices. Particularly, circuitry of mobiledevice 210, including but not limited to processor 212, may operateunder the control of a program, routine, or the execution ofinstructions to execute methods or processes in accordance withembodiments of the invention. For example, such a program may beimplemented in firmware or software (e.g., stored in memory 205 and/orother locations) and may be implemented by processors, such as processor212, and/or other circuitry of mobile device 210. Further, it should beappreciated that the terms processor, microprocessor, circuitry,controller, etc., may refer to any type of logic or circuitry capable ofexecuting logic, commands, instructions, software, firmware,functionality and the like.

Further, it should be appreciated that some or all of the functions,engines or modules described herein may be performed by mobile device210 itself and/or some or all of the functions, engines or modulesdescribed herein may be performed by another system connected throughI/O controller 225 or network interface 204 (wirelessly or wired) tomobile device 210. Thus, some and/or all of the functions may beperformed by another system and the results or intermediate calculationsmay be transferred back to mobile device 210. In some embodiments, suchother device may comprise a server (not shown). In some embodiments, theother device is configured to predetermine the results, for example,based on a known configuration of the mobile device 210.

In one embodiment, mobile device 210 receives a user request or otheruser command through I/O controller 225 to initiate an authenticationprocess. User authentication engine 240 processes the request andactivates front-facing camera 227-1 and rear-facing camera 227-2. Userauthentication engine 240 may selectively activate front-facing camera227-1 and rear-facing camera 227-2 depending on which authenticationprocess (such as liveness verification or facial recognition) iscurrently being performed. User authentication engine 240 may alsoactivate both cameras 227-1 and 227-2 when the liveness verification orfacial recognition processes are performed in parallel. The activationof the cameras 227-1 and 227-2 causes mobile device 210 to capturedigital video data with each camera.

User authentication engine 240 instructs facial recognition engine 234to perform one or more facial recognition processes on captured digitalvideo data. Facial recognition engine 234 analyzes the digital videodata from front-facing camera 227-1 to locate a face within the digitalvideo data. Once facial recognition engine 234 has located a face,facial recognition engine 234 performs a facial recognition process onthe face depicted in the image data. In one embodiment, facialrecognition engine 234 extracts one or more facial recognition features(e.g., facial landmarks, relative positions of facial features, etc.) ofthe face depicted in the image data. Facial recognition engine 234 thencompares the extracted facial recognition features to a database, storedin memory 205, of authorized user's facial recognition features. Forexample, a mobile device may be associated with 3 authorized users, andthe facial recognition database in memory 205 stores the pertinentfacial recognition features for each authorized user. Then, based on thecomparison of facial recognition features, facial recognition engine 234notifies authentication decision engine 236 of the facial recognitionresults.

User authentication engine 240 further instructs pulse rate estimator230 to perform pulse rate estimation on digital video data captured byboth front-facing camera 227-1 and rear-facing camera 227-2. In oneembodiment, pulse rate estimator analyzes each video data to extract apulse rate associated with a user depicted in each digital video imagedata. In one embodiment, pulse rate estimator 230 performs EulerianVideo Magnification on the digital video data. In Eulerian VideoMagnification (EVM), pulse rate estimator 230 applies spatialdecomposition to the video data, applies temporal filtering to videoframes, and amplifies the results to visualize the flow of blood in auser's skin over a period of time (e.g., the face captured in the videodata 456-1 by front-facing camera 454-1 or 227-1, as well as the hand,arm, etc. captured in the video data 456-2 by rear-facing camera 456-2or 227-2). EVM analysis can then quantify the temporal tone colorvariation in the user's skin over the period of time. From thisvisualized and quantified temporal color variation, a pulse rate, pulsemagnitude, as well as other pulse related factors, can be extracted fromvideo data. The EVM analysis of the front-facing camera 227-1 andrear-facing camera 227-2 video data are utilized by pulse rate estimator230 to generate estimated pulse rates for the user seekingauthentication to mobile device 210.

The estimated pulse rates are provided to pulse correlator 232. In oneembodiment, pulse correlator 232 performs statistical analysis on thepulse rates to calculate the cross-correlation between the two pulsesignals corresponding to the front-facing and rear facing camerarespectively to determine whether the estimated pulse rates correspond(i.e., belong to the same user). In embodiments, the cross-correlationof the two pulse signals is determined using methods such as, but notlimited to, signal convolution analysis in the time-domain orfrequency-domain. In one embodiment, pulse correlator 232 shifts one orboth pulse rate estimates to account for a timing difference that occurswhen pulse rate estimates are generated from different locations on auser's body. That is, a first pulse rate estimate may be statisticallyrelated to a second pulse rate estimate, but must be time shifted toaccount for the time it would take blood flow to reach different partsof the user's body. When the estimated and adjusted pulse ratescorrespond, pulse correlator 232 determines that the image data capturedby front-facing camera 227-1 and rear-facing camera 227-2 are capturinglive image data of the same user.

In one embodiment, pulse correlator 232 determines that the estimatedand adjusted pulse rates correspond with one another based on astatistical analysis of the two estimated pulse rates. The statisticalanalysis determines a measure of how related the two pulse rates are toone another, such as by computation of cross-correlation. In oneembodiment, pulse correlator 232 determines the statistical confidenceof a pulse match, and compares this confidence of a pulse match to apulse match threshold value. For example, a pulse match may only beaccepted by pulse correlator 232 when the confidence associated with thematch exceeds a 99% confidence threshold. In one embodiment, thethreshold value may be set to an initial threshold value, and adjustedbased on one or more ambient conditions associated with video data fromwhich the pulse rates were determined. For example, if the video dataindicates one or more of a good light condition, steady image capture,long video duration, etc., the threshold may remain at the initial valueor may be adjusted to a higher value. As another example, if the videodata indicates one or more of a low light condition, a low image qualitycondition, shaky image capture, etc., the threshold may remain at theinitial value or may be adjusted to a lower value. In one embodiment,the front and rear facing cameras may independently influence theadjustment of the correlation threshold based on ambient conditionsassociated with each camera. In one embodiment, the pulse match isdetermined by pulse correlator 232 when the statistical likelihood of apulse match exceeds the pulse match threshold. Pulse correlator 232 thennotifies authentication decision engine 236 of the pulse match resultsrelative to the confidence threshold.

Decision engine 240 determines whether the user is recognized as anauthorized user based on results of the facial recognition engine's 234video data analysis results (i.e., the recognized user is an authorizeduser of the mobile device 210). Authentication decision engine 236 alsodetermines whether the estimated pulse rates determined by pulsecorrelator 232 indicate a pulse match in the video data. When both thefacial recognition analysis and the pulse correlation results aresuccessfully completed, user authentication engine 240 authenticates theuser, thereby granting the user access to the mobile device.

As discussed herein, the pulse rate estimation and the facialrecognition analysis may be performed by the pulse rate estimator 230and the facial recognition engine 234 in parallel. Furthermore, thepulse rate estimator 230 and the facial recognition engine 234 mayutilize the same video data for analysis purposes. In this embodiment,the authentication process would result in the added security that therecognized face corresponds to the live person that is currently holdingthe mobile device and is currently seeking authentication.

FIG. 3 is a flow diagram of one embodiment of a method forauthenticating a user on a mobile device based on pulse rate correlationand facial recognition analysis. The method 300 is performed byprocessing logic that may comprise hardware (circuitry, dedicated logic,etc.), software (such as is run on a general purpose computer system ora dedicated machine), firmware, or a combination. In one embodiment, themethod 300 is performed by a mobile device (such as mobile device 210).

Referring to FIG. 3, processing logic begins by initiating a userauthentication process for accessing a mobile device (processing block302). The user authentication process may be initiated whenever a mobiledevice attempts to transition from an inactive state to an active state,such as transitioning from sleep to wake, from locked to unlocked, etc.The user authentication process may also be initiated in response to auser request to access a locked mobile device, or in response to anauthentication demand from any application/process running on the mobiledevice (e.g., an authentication demand from an online app store, onlineretailer, etc.). In one embodiment, access to the mobile device ispredicated on successful authentication of the user by processing logicas discussed herein.

Processing logic captures image data of the user with a front-facingcamera and a rear-facing camera of the mobile device (processing block304). In one embodiment, captured image data is digital video datacaptured by the cameras. Processing logic performs one or more facialrecognition processes on the captured image data (processing block 306).As discussed above, the facial recognition processes may includelocating an image of a face depicted in the image data, and extractingvisual features from the located face image. In the embodimentsdiscussed herein, any number of facial features may be extracted, suchas features corresponding to the eyes, nose, mouth, jaw, ears,cheekbones, etc., and their relative positions to one another.Processing logic then searches for a match between the facialrecognition results and facial recognition features associated withusers that have access privileges to the mobile device (processing block308). The match is determined by processing logic by comparing a featureset associated with the face located in the image, with feature sets ofthe authorized users of the mobile device. From the comparison,processing logic determines a likelihood that the feature set associatedwith the face located in the image matches an authorized user's featureset to determine whether a user with access privileges is matched(processing block 310). When this likelihood exceeds a thresholdlikelihood, the face located in the digital video data matches anauthorized user. When the likelihood does not exceed the threshold, theface is determined not to match an authorized user. In one embodiment,in the event that processing logic determines that the face does notmatch an authorized user (processing block 318), processing logic mayproceed immediately to block 320 to block user access to the mobiledevice.

Processing logic also estimates user pulse rates from the first andsecond image data (processing block 312). The first and second imagedata may correspond to first and second digital videos captured by afront-facing and rear-facing camera of a mobile device. In oneembodiment, processing logic performs EVM analysis to derive a temporalvariation in skin tone of a user captured in the first and seconddigital videos. From the temporal variation in skin tone, a pulse ratemay be estimated for the user from each of the first and second digitalvideos. These pulse rates are then correlated (processing block 314), bytemporally shifting one or both estimated pulse rates, by adjusting themagnitude of one or both estimated pulse rates, and/or determining astatistical likelihood that the pulse rates match one another bycomparison of the likelihood of a match to a pulse match threshold value(processing block 316). In one embodiment, although no illustrated, whenthe pulse match likelihood does not exceed the threshold, processinglogic may proceed immediately to block 320 to block user access to themobile device.

As discussed herein, the pulse rate estimation and correlation analysis,and the facial recognition processes, may be carried out by processinglogic in parallel, as well as one after the other. Furthermore, in anembodiment where the authentication processes are serially performed,facial recognition is performed prior to pulse rate estimation andcorrelation.

Processing logic determines whether a correlation between the estimatedpulse rates (derived from the first and second image data) exceeds athreshold and whether the user matches a user with access privileges(processing block 318). When the correlation of pulse rates issufficiently close (for example, when the correlation exceeds athreshold), and when the facial features extracted from a user seekingauthentication match facial features of an authorized user, processinglogic authenticates the user and grants the user access to the mobiledevice (processing block 322). Otherwise, processing logic blocks useraccess to the mobile device (processing block 320).

It should be appreciated that when the devices discussed herein is amobile or wireless device, that it may communicate via one or morewireless communication links through a wireless network that are basedon or otherwise support any suitable wireless communication technology.For example, in some aspects computing device or server may associatewith a network including a wireless network. In some aspects the networkmay comprise a body area network or a personal area network (such as anultra-wideband network). In some aspects the network may comprise alocal area network or a wide area network. A wireless device may supportor otherwise use one or more of a variety of wireless communicationtechnologies, protocols, or standards such as, for example, CDMA, TDMA,OFDM, OFDMA, WiMAX, and Wi-Fi. Similarly, a wireless device may supportor otherwise use one or more of a variety of corresponding modulation ormultiplexing schemes. A mobile wireless device may wirelesslycommunicate with other mobile devices, cell phones, other wired andwireless computers, Internet web-sites, etc.

The teachings herein may be incorporated into (for example, implementedwithin or performed by) a variety of apparatuses or devices. Forexample, one or more aspects taught herein may be incorporated into aphone (such as a cellular phone), a personal data assistant (PDA), atablet, a mobile computer, a laptop computer, an entertainment device(e.g., a music or video device), a headset (e.g., headphones, anearpiece, etc.), a medical device (e.g., a biometric sensor, a heartrate monitor, a pedometer, an Electrocardiography (EKG) device, etc.), auser I/O device, a computer, a server, a point-of-sale device, a set-topbox, or any other suitable device. These devices may have differentpower and data requirements and may result in different power profilesgenerated for each feature or set of features.

In some aspects a wireless device may comprise an access device (forexample, a Wi-Fi access point) for a communication system. Such anaccess device may provide, for example, connectivity to another network(e.g., a wide area network such as the Internet or a cellular network)via a wired or wireless communication link. Accordingly, the accessdevice may enable another device (for example, a Wi-Fi station) toaccess the other network or some other functionality. In addition, itshould be appreciated that one or both of the devices may be portableor, in some cases, relatively non-portable.

Those of skill in the art would understand that information and signalsmay be represented using any of a variety of different technologies andtechniques. For example, data, instructions, commands, information,signals, bits, symbols, and chips that may be referenced throughout theabove description may be represented by voltages, currents,electromagnetic waves, magnetic fields or particles, optical fields orparticles, or any combination thereof.

Those of skill would further appreciate that the various illustrativelogical blocks, modules, circuits, and algorithm steps described inconnection with the embodiments disclosed herein may be implemented aselectronic hardware, computer software, or combinations of both. Toclearly illustrate this interchangeability of hardware and software,various illustrative components, blocks, modules, circuits, and stepshave been described above generally in terms of their functionality.Whether such functionality is implemented as hardware or softwaredepends upon the particular application and design constraints imposedon the overall system. Skilled artisans may implement the describedfunctionality in varying ways for each particular application, but suchimplementation decisions should not be interpreted as causing adeparture from the scope of the present invention.

The various illustrative logical blocks, modules, and circuits describedin connection with the embodiments disclosed herein may be implementedor performed with a general purpose processor, a digital signalprocessor (DSP), an application specific integrated circuit (ASIC), afield programmable gate array (FPGA) or other programmable logic device,discrete gate or transistor logic, discrete hardware components, or anycombination thereof designed to perform the functions described herein.A general purpose processor may be a microprocessor, but in thealternative, the processor may be any conventional processor,controller, microcontroller, or state machine. A processor may also beimplemented as a combination of computing devices, e.g., a combinationof a DSP and a microprocessor, a plurality of microprocessors, one ormore microprocessors in conjunction with a DSP core, or any other suchconfiguration.

The steps of a method or algorithm described in connection with theembodiments disclosed herein may be embodied directly in hardware, in asoftware module executed by a processor, or in a combination of the two.A software module may reside in RAM memory, flash memory, ROM memory,EPROM memory, registers, hard disk, a removable disk, a CD-ROM, or anyother form of storage medium known in the art. An exemplary storagemedium is coupled to the processor such the processor can readinformation from, and write information to, the storage medium. In thealternative, the storage medium may be integral to the processor. Theprocessor and the storage medium may reside in an ASIC. The ASIC mayreside in a user terminal. In the alternative, the processor and thestorage medium may reside as discrete components in a user terminal.

In one or more exemplary embodiments, the functions described may beimplemented in hardware, software, firmware, or any combination thereof.If implemented in software as a computer program product, the functionsmay be stored on or transmitted over as one or more instructions or codeon a non-transitory computer-readable medium. Computer-readable mediacan include both computer storage media and communication mediaincluding any medium that facilitates transfer of a computer programfrom one place to another. A storage media may be any available mediathat can be accessed by a computer. By way of example, and notlimitation, such non-transitory computer-readable media can compriseRAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic diskstorage or other magnetic storage devices, or any other medium that canbe used to carry or store desired program code in the form ofinstructions or data structures and that can be accessed by a computer.Also, any connection is properly termed a computer-readable medium. Forexample, if the software is transmitted from a web site, server, orother remote source using a coaxial cable, fiber optic cable, twistedpair, digital subscriber line (DSL), or wireless technologies such asinfrared, radio, and microwave, then the coaxial cable, fiber opticcable, twisted pair, DSL, or wireless technologies such as infrared,radio, and microwave are included in the definition of medium. Disk anddisc, as used herein, includes compact disc (CD), laser disc, opticaldisc, digital versatile disc (DVD), floppy disk and blu-ray disc wheredisks usually reproduce data magnetically, while discs reproduce dataoptically with lasers. Combinations of the above should also be includedwithin the scope of non-transitory computer-readable media.

The previous description of the disclosed embodiments is provided toenable any person skilled in the art to make or use the presentinvention. Various modifications to these embodiments will be readilyapparent to those skilled in the art, and the generic principles definedherein may be applied to other embodiments without departing from thespirit or scope of the invention. Thus, the present invention is notintended to be limited to the embodiments shown herein but is to beaccorded the widest scope consistent with the principles and novelfeatures disclosed herein.

What is claimed is:
 1. A method for authenticating a user on a mobiledevice, comprising: initiating authentication of the user for access tothe mobile device, wherein access to the mobile device is granted uponsuccessful authentication of the user by the mobile device; capturingfirst video data from a first camera of the mobile device, wherein thefirst video data captures at least an image of a face of the user;capturing second video data from a second camera of the mobile device;performing face recognition analysis on the image of the face of theuser to determine an identity of the user; determining a first pulseinformation of the user from the first video data and a second pulseinformation of the user from the second video data; determining whetherthe first pulse information and the second pulse information indicate apulse match; and authenticating the user for access to the mobile devicewhen a pulse match is determined and the determined identity of the userhas permission to access the mobile device.
 2. The method of claim 1,wherein the determination of the first pulse information and the secondpulse information comprises: determining a temporal variation in a skintone of the user from captured video data; and determining a pulse ofthe user based on the temporal variation in the skin tone of the userover a period of time.
 3. The method of claim 2, wherein the pulse matchis determined from the first pulse information and the second pulseinformation when there is a correlation between temporal variation inskin tone determined from the first video data and temporal variation inskin tone determined from the second video data.
 4. The method of claim1, wherein the face recognition analysis and the first pulse informationare determined concurrently.
 5. The method of claim 1, wherein the facerecognition analysis is performed prior to determination of the firstpulse information and the second pulse.
 6. The method of claim 1,wherein the face recognition analysis and the first pulse informationare determined from a common segment of the first video data.
 7. Themethod of claim 1, wherein determining whether the first pulseinformation and the second pulse information indicate a pulse match,further comprises: correlating the first pulse information with thesecond pulse information; determining a likelihood of the pulse matchbased on the correlated first pulse information and second pulseinformation; comparing the determined likelihood to a pulse matchthreshold; and determining the first pulse information matches thesecond pulse information when the determined likelihood exceeds thepulse match threshold.
 8. The method of claim 7, further comprising:performing regression analysis on the correlated first pulse informationand second pulse information to determine the likelihood of the pulsematch.
 9. The method of claim 7, wherein the pulse match threshold isadjusted based on one or more ambient conditions associated with thecapture of the first video data and the second video data.
 10. Themethod of claim 7, wherein correlating the first pulse information withthe second pulse information further comprises: temporally shifting thesecond pulse information to account for a difference in pulse timingassociated with a difference in location on the user's body from whichthe first pulse information and the second pulse information werederived.
 11. The method of claim 1, wherein the first camera is afront-facing camera of the mobile device, and the second camera is arear-facing camera of the mobile device.
 12. A non-transitory computerreadable storage medium including instructions that, when executed by aprocessor, cause the processor to perform a method for authenticating auser on a mobile device, the method comprising: initiatingauthentication of the user for access to the mobile device, whereinaccess to the mobile device is granted upon successful authentication ofthe user by the mobile device; capturing first video data from a firstcamera of the mobile device, wherein the first video data captures atleast an image of a face of the user; capturing second video data from asecond camera of the mobile device; performing face recognition analysison the image of the face of the user to determine an identity of theuser; determining a first pulse information of the user from the firstvideo data and a second pulse information of the user from the secondvideo data; determining whether the first pulse information and thesecond pulse information indicate a pulse match; and authenticating theuser for access to the mobile device when a pulse match is determinedand the determined identity of the user has permission to access themobile device.
 13. The computer readable storage medium of claim 12,wherein the determination of the first pulse information and the secondpulse information comprises: determining a temporal variation in a skintone of the user from captured video data; and determining a pulse ofthe user based on the temporal variation in the skin tone of the userover a period of time.
 14. The computer readable storage medium of claim13, wherein the pulse match is determined from the first pulseinformation and the second pulse information when there is a correlationbetween temporal variation in skin tone determined from the first videodata and temporal variation in skin tone determined from the secondvideo data.
 15. The computer readable storage medium of claim 12,wherein the face recognition analysis and the first pulse informationare determined concurrently.
 16. The computer readable storage medium ofclaim 12, wherein the face recognition analysis is performed prior todetermination of the first pulse information and the second pulse. 17.The computer readable storage medium of claim 12, wherein the facerecognition analysis and the first pulse information are determined froma common segment of the first video data.
 18. The computer readablestorage medium of claim 12, wherein determining whether the first pulseinformation and the second pulse information indicate a pulse match,further comprises: correlating the first pulse information with thesecond pulse information; determining a likelihood of the pulse matchbased on the correlated first pulse information and second pulseinformation; comparing the determined likelihood to a pulse matchthreshold; and determining the first pulse information matches thesecond pulse information when the determined likelihood exceeds thepulse match threshold.
 19. The computer readable storage medium of claim18, further comprising: performing regression analysis on the correlatedfirst pulse information and second pulse information to determine thelikelihood of the pulse match.
 20. The computer readable storage mediumof claim 18, wherein the pulse match threshold is adjusted based on oneor more ambient conditions associated with the capture of the firstvideo data and the second video date.
 21. The computer readable storagemedium of claim of claim 18, wherein correlating the first pulseinformation with the second pulse information further comprises:temporally shifting the second pulse information to account for adifference in pulse timing associated with a difference in location onthe user's body from which the first pulse information and the secondpulse information were derived.
 22. The computer readable storage mediumof claim 12, wherein the first camera is a front-facing camera of themobile device, and the second camera is a rear-facing camera of themobile device.
 23. A mobile device to perform user authentication,comprising: a user authentication engine to initiate authentication ofthe user for access to the mobile device, wherein access to the mobiledevice is granted upon successful authentication of the user by themobile device, a first video camera communicatively coupled with theuser authentication engine to capture first video data in response tothe request, wherein the first video data captures at least an image ofa face of the user, a second video camera communicatively coupled withthe user authentication engine to capture second video data in responseto the request, wherein the user authentication engine comprises afacial recognition engine to perform face recognition analysis on theimage of the face of the user in the first video data to determine anidentity of the user, a pulse rate estimator to determine a first pulseinformation of the user from the first video data and a second pulseinformation of the user from the second video data, a pulse correlatorto determine whether the first pulse information and the second pulseinformation indicate a pulse match, and an authentication decisionengine to authenticate the user for access to the mobile device when apulse match is determined and the determined identity of the user haspermission to access the mobile device.
 24. The mobile device of claim23, wherein the pulse correlator to determine whether the first pulseinformation and the second pulse information further comprises the pulsecorrelator to determine a temporal variation in a skin tone of the userfrom captured video data, and determine a pulse of the user based on thetemporal variation in the skin tone of the user over a period of time.25. The mobile device of claim 24, wherein the pulse match is determinedfrom the first pulse information and the second pulse information whenthere is a correlation between temporal variation in skin tonedetermined from the first video data and temporal variation in skin tonedetermined from the second video data.
 26. The mobile device of claim23, wherein the facial recognition engine performs the face recognitionanalysis and the pulse rate estimator determines the first pulseinformation concurrently.
 27. The mobile device of claim 21, wherein thepulse correlator to determine whether the first pulse information andthe second pulse information indicate a pulse match, further comprisesthe pulse correlator to correlate the first pulse information with thesecond pulse information, determine a likelihood of the pulse matchbased on the correlated first pulse information and second pulseinformation, compare the determined likelihood to a pulse matchthreshold, and determine the first pulse information matches the secondpulse information when the determined likelihood exceeds the pulse matchthreshold.
 28. A system for authenticating a user on a mobile device,comprising: means for initiating authentication of the user for accessto the mobile device, wherein access to the mobile device is grantedupon successful authentication of the user by the mobile device; meansfor capturing first video data from a first camera of the mobile device,wherein the first video data captures at least an image of a face of theuser; means for capturing second video data from a second camera of themobile device; means for performing face recognition analysis on theimage of the face of the user to determine an identity of the user;means for determining a first pulse information of the user from thefirst video data and a second pulse information of the user from thesecond video data; means for determining whether the first pulseinformation and the second pulse information indicate a pulse match; andmeans for authenticating the user for access to the mobile device when apulse match is determined and the determined identity of the user haspermission to access the mobile device.
 29. The system of claim 28,wherein the determination of the first pulse information and the secondpulse information comprises: means for determining a temporal variationin a skin tone of the user from captured video data; and means fordetermining a pulse of the user based on the temporal variation in theskin tone of the user over a period of time.
 30. The system of claim 28,wherein the means for determining whether the first pulse informationand the second pulse information indicate a pulse match, furthercomprises: means for correlating the first pulse information with thesecond pulse information; means for determining a likelihood of thepulse match based on the correlated first pulse information and secondpulse information; means for comparing the determined likelihood to apulse match threshold; and means for determining the first pulseinformation matches the second pulse information when the determinedlikelihood exceeds the pulse match threshold.